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(57) Abstract: A mcihod and syslcm for mapping oriiiinal Media Acccs.s Conirol ( MAC Y addresses to unique locally administered 
virtual MAC addresses in an lihernel nciwork: An access node uses an address mapping funciion lo map each original MAC address 
lo one of a pluraliiy of locally administered virtual MAC addres.ses, and vice versa. The six mnsl significant hils of Ihe first ocict of 
the addrcs.s arc used to define a domain for the addres.*:, and the second^leasi i;ignificant bit of ihc first octet indicates that the address 
is u locally administered MAC address. The second and third octets of the address arc used lo indicate a unit-specific use. The last 
three octets of the address indicate an oi£anizationally assigned unll-uniquc MAC address. Additional address mapping fiinctinns 
may map original addrcs.<ics from dilTcrent sources omo the same Ethernet network while mainlainingthc uniqueness of each, virtual 
MAC address. 
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SYSTEM, METHOD AND FUNCTION FOR ETHERNET MAC ADDRESS MANAGEMENT 

■ ^ BACKGROUND OF THE INVEm-|ON 

! ' The present invention reliates' to digital oommuni^^^ More 
5 ( particularly, and not by way of limitation, the invention relates to a system and 
I method for managing ' locally .adrninistered Media Access Control (MAC) 
! addresses in ah Ethemet Lodal Area Network (LAN). 

Vf Ethernet Is a packet-feas«i transmission protocol that is primarily used in 
. LANs. " Etliemet is the rommon name .for^the IEEE 802.3 industry specification. 
10 - r b^ta Js transnrfitted- Jn Ethernet frames, and FIG. 1 is an illustration of a typical 
. ^Ethernet framejno. To synchronize the receiving node(s), each frame starts with 
! 64 bits used only for synchronization, consisting of a 56-bit preamble 11 and an 
vS-bit Start of Frame Delimiter (SFD) 12. A*destination address 13, a source 
; address 14, and a length/type identifier 15 fbilow the preamble. Media Access 
; 15 Control (MAC)^client data 16, tbgether with a Packet Assembler/Disassembler 
\ (PAD) 17 may vary in length from 46 to 1 500 octets. A Frame Check Sequence 
I (PCS) I S adds four more octets. ; The frame size is counted from the destination 
\ address to the PCS, inclusive, and thus may vary between 64 and 1518 octets, 
• not including ah optional Virtual Local Area Network (VLAN) tag. which adds 4 
20 i octets. 

J FICjI 2 is an illustratfon . of a typical Ethernet destination and source 
' . ■ address struciUr©, known as a l^MC address, as shown in IEEE 802.3, which Is 

■ f incorporated herein by reference; An l/G field 21 indicates vwhether the address 
V. ■ ;Ms'an individual or a group address. A zero (0) in jhrs field indicates an individual 
: 25- ; address, while a one (ii) indicates a- group address (multicast). Note that a 

- source address can only have a zero (0) in the l/G field. A U/L field 22 indicates 
^whether the address is a universal or local address. A zero (0) in this field 
. . : indicates a universally administered address, vtfhite a one (1) indicates a tocally 
' administered address.. A/ destination address with all ones represents a 
30- ' broadcast address.. The KiiAC -address - strlicture is completed with the actual 
];addresi3 bits 23. 
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FIG. 3 is an illustration of a globally administered. Unit-unique MAC 
address 30, as shown in IEEE standard 802-1990, which is Incorporated herein 
by reference. An Organizationally Unique Identifier (OUI) 31 is assigned to each 
global MAC address to ensure uniqueness. The OUI is a 3-octet hexadecimal 
5 number that is used as the first hat! of a 6-octet MAC address. An organization 
using a given OUI is responsible for ensuring uniqueness of the MAC address by 
assigning each" produced unit Its own unique 3-octet Unit-unique MAC address 
32. 

FIG. 4 is an illustration of a locally administered MAC address 40. IEEE 
10 standard 802.3 describes how to ensure unique iViAC addresses for locally 
administered addresses by assigning "1" and "0" as the t\a'o least significant bits 
(LSB) of the first transmitted octet 41. These bits are also shown as 21 and 22 
In FIG. 2. The bit ''I" Indicates that the address is a locally administered 
address,, and the bit "0" Indicates that it is a unlcast address. However, IEEE 
15 standard 802.3 falls to disclose any method of ensuring unique locally 
administered MAC addresses when several nodes operate autonomously, or 
when several nodes belonging to separate solutions operate in the same 
Ethernet network utilizing locally administered addresses. The present Invention 
provides a solution to this shortcoming, 

20 

SUMMARY OF THE INVENTION 

It is therefor? an object of the present invention to overcame the above 
mentioned problems and to provide a method of ensuring unique locally 
administered MAC addressee when several nodes opersrte aLrtonomously, or 
25 when several nodes belonging to separate solutions operaiB in the same 
Ethernet netivoric uiillzing locally administered addresses. In this way, multiple 
nodes can operate autonomously, while iassigning unique locally administered 
MAC addresses. 

Thus, in one aspect, the present invention is directed to a method in ah 
30 Ethernet network of mapping an original Media Access Control (MAC) address to 
a unique locally administered virtual MAC address. The method Includes the 
steps of utilizing a first portion of the virtual MAC address to define a domain for 
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the address; utilizing a second portion of the virtual MAC address to indicate that 
i^the address is a locally administered address;* utilizing a third portion of the 
^virtual I^C address to indicate a unit-specific use; and utilizing a fourth portion 

iOf the virtual MAC address to indicate an organizationally asagned unit-unique 

r 

5 [MAC address. 

■ In yet another aspect, the present Invention is directed to a system In an 

r. 

^.Ethernet network for mapping an original MAC address to a unique locally 
•administered virtual MAC address. The- system includes at least one address 
I mapping function that maps inbound original MAC addresses from Inbound 
10 fEthemet packets to one of a plurality of assigned locally administered virtual 
IMAC addresses. The address mapping' function includes means for utilizing a 

• first portion of the virtual MAC address tor diefine a domain for the address, 
j means for utilizing a second portion of the virtual MAC address to indicate that 
lEthe address is a locally administered address, means for utilizing a third portion 

15 i'of the virtual MAC address to indicate a unitfspecific use, and means for utilizing 
U fourth portion of the virtual jMAC address to indicate an organizationally 
; assigned unlt-unk?ue MAC address. . } 

* The system may also include a MAC address database that stores unit- 
[unique MAC addresses for all nodes in the hetworic; means for accessing the 

20 |MAC address database and for comparing, the node's unit-unique MAC address 
iagainst unit-unique MAC addresses. that are already used in other nodes; and 
imeans within the address mapping fiincfioMor defining a new MAC domain for 
•the node's tocally administered MAC .addr^s if the^ node's unit-unique MAC 
iladdress has already been usedjn another node. 

25 t In still yet another aspect, the present inventton is directed to a method of 
iprevenOng subscriber spoofing in an Ethernet netvaortc. The method includes the 
*,steps of mapping an original MAC address to a locally administered virtual MAC 
.address; and ensuring the locally administered virtual MAC address Is unique. 
fjUniqueness of each address is ensured by utilizing a first portion of the virtual 

30 ijMAC address to define a domain for the address; utilizing a second portion of 
^the virtual MAC address to indicate that the address is a locally administered 
•address; utilizing a thiid portion of the virtual MAC address to Indicate a unit- 
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specific use; and utilizing a fourth portion of the virtual i^C address to indicate 
an oi^anizationaily assigned unit-unique MAC address. The invention may fc>e 
implemented in an address mapping function adapted to operate in an access 
node in an Ethernet networlt 

5 In still yet another aspect, the present Invention is directed to a method in 

an Ethernet networit of mapping an original MAC address to a unique tocally 
administered virtual MAC address. The method includes the steps of utilizing a 
first portion of the virtual MAC address to define a domain for the address; 
utilizing a second porBon of the virtual iViAC address to Indicate that the address 

10 is a localK' administered address; and utilizing a third portion of the virtual MAC 
address to uniquely identify specific users within each MAC domain. This 
metiiod may be used autonomously by 64 different systems or nodes if they 
eadi have their own MAC domeun. Alternatively, each node may consult a 
database to determine whidi addresses are available for use. 

15 

BRIEF DESCRIPTiON OF THE DRAWINGS 

In the following section,, the invention vvilj be described witti reference to 
exemplary embodiments illustrated in the figures, in which: 

FIG. 1 {Prior Art) is an Illustration of a typical Ethernet fifame; 
20 FIG. 2 (Prior Art) is an illustration of a typical Ethernet destination and 

source address struchjre, known as a MAC address; 

FIG. 3 (Prior Art) is an Illustration oif the- layout of a typical globally 
administersd, Unit-unique MAG address; 

FIG. 4 (Prior Art) is an Illustration of the layout of a t^'pical locally 
25 administered MAC address; 

FIG. 5 is an illustration of the layout of a locally administered. Unit-unique 
virtual MAC address stmctured in- accordance with the teachings of the present 
invention; 

FIG. 6 is a simplified functional block diagram Illustrating tiie functions 
30 perfonned when managing locally administered MAC addresses and mapping 
Ethernet traffic In a netwvork in which units autonomously utilize locally assigned 
MAC addresses; 
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FIG. 7 is a simplified block diagram of a network architecture illustrating 
• an original MAC address domain andavlrtual MAC address domain; and 
\ FIG.'S Is an illustration of the layout of a iocally administered, virtual MAC 
■address structured in accordance with theteachings of the piBsent Invention. 

: 5 i • 

■ '■ DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 
f: In the following description, for purposes of explanation and not limitation. 
; specific details are set forth, such as particular embodiments, circuits, signal 
[fonfiats etc. in order to provide a thorough understanding of the present 
10 ' invention. It will be apparent to one sUilled in the art Itiat the present Inventfon 
■ : may be practiced in other embodiments that depart.from these specific details. 

' FIG. 5 is an illustration of a locally administered. Unit-unique virtual MAC 
^: address 50 structured m accordance with the teachings of the present invention. 
*The present Invention provides a method of providing unique locally 
15 r administered MAC addresses when several ^nodes operate autonomously, or 
' several nodes belonging, to separate solutions operate in the same Ethernet 
?networic. As shown in FIG. 5. the last twtfo bits 51 of the first octet may be 
•• ^assigned the values "1" and '0" to indicate that the address is a tocally 

administered uhicast address, as cunently specified In IEEE 802.3. However. 
20 the first six bits. 52 of the first octet are available, and the Inventton uses them to 
\ ' .define domains for locally administered MAC addresses (refened to hereinafter 
j as "MAC domains"). In this manner, 64 different domains may be defined, each 
?of which may be combined v.iih a node's; organizationafr/ assigned Unit-unkjue 
iMAC address 53. Thus, the invention utilizBS iiie node's Unit-unique MAC 
' V 25 ? address and substilutes, for the OUI used . In globally administered unidast 
■J ■ addresses, an identification of a domain and ari indication that the address is a 
* locally administered unicast address.: In this manner, the invention enables the 
i . ' i node to utilize the remaining 16 bits 54 to assign unkjue locally administered 

I MAC addresses. 

30 ■= Using the Unit-unique MAC address as part of a locally administered MAC 
address cannot, by'itself, ensure unique addresses. Duplicate Unit-unique MAC 

. .' addresses can occur when several organizatfons deliver equipment to be utilized 
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in one network, or when equipment from the same supplier Is delivered with s[ 
new OUI and a duplicate Unit-unique MAC address. The MAC donnain of the 
present invention is utilized to distinguish these addresses and to ensure unique 
locally administered MAC addresses. 
5 The MAC domain is preferably selected when Installing and configuring 

network units. Several approaches may be used when assigning MAC domains 
to units. In one approach, nodes with different OUls are assigned different MAC 
domains. In another approach, for each new node, the new node's Unit-unique 
iViAC address is validated against Unit-unique IViAG addresses that are already 
10 used in other nodes. If the new Unii-unique IViAC address has already been 
used, a new MAC domain is assigned. However, if the new Unit-unique MAC 
address has not already been used, a new MAC domain is not assigned. These 
functions may be performed within each Access Node, thereby enabling each 
Access Npde to assign, unique, virtual MAC addresses independently, without 
15 having to access a centralized database. Alternatively, a centralized database 
registering the assigned virtual M/KC addresses of all units may be Implemented 
to ensure the uniqueness of each locally administered address. 

A node- that autonomously uses locally assigned MAC addresses is an 
access point for network trafTic, and must respond like any network interface. 
20 The Interface needs to respond to and manage the mapping of all assigned MAC 
addresses. The mapped net/vorix traffic may originate from sources such as a 
port, user, or sessions, and the like. Even Ethernet traffic may be remapped 
ihrough. for example an access*, node, so that the original MAG address is 
interchanged with a locally administered vlr1:ual iWAC address. This ce^n prevent 
25 subscriber spoofing and provide the ne^Jvort^ operator with conirol of the Ethemet 
traffic. The mapping is done one-to-one. 

The invention is ajso useful when multiple pieces of test equipment are 
connected to the same networl<. If each piece of test equipment is assigned a 
different locally administered unique virtual MAC address, then each piece of 
30 test equipment can send and receive information oyer the networi< without 
affecting the other pieces of test. equipment. The virtual MAC address can be 
generated using an assigned MAC domain 52 or a Unit-unique MAC address 
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, field 53 together with a randomly selected unit specific use field 54. In addition, 
j when the test equipment generates a large amount of traffic, each piece of test 

■ equipment (unit) can assign its own locally administered MAC addresses based 

■ on the test equlpmenf s own Unit-unique MAC address 53. 

5 . FIG. 6 is a simplified functional block diagram illustrating the functions 
• perfomied when managing locally administered MAC addresses and mapping 
Ethernet traffic in a network in which nodes autonomously utilize locally assigned 
MAC addresses. An address mapping application 61 Includes a plurality of 
. address mapping functions 62 that map inbound MAC addresses 63 from 
10 ; inbound Ethernet packets to one of a plurality of assigned locally administered 
i MAC addresses 64. A unit MAC address database 65 that registers ail units' 
f MAC addresses is also shown. A unit application 66 for a networit node 
• Sihteifaces with the database to validate the node's Unit-unique MAC address 
-^against Unit-unique MAC addresses that are already used in other nodes. The 
1 5 • applteatlon 66 has knowledge about the MAC addresses of all other ribdes. This 
Unovyledge may be Internal to the node, or may be extemal to the node and may 
t be controlled, for example, by aPubllc Ethernet Manager (PEM) 79 (see FIG. 7). 
i In $ystems In which an Ethernet LAN Is accessed by Digital Subscriber 
' Line (DSL), it is desirable to provide a high level of flexibility, enabling an end^ 
20 user to change the MAC address of end-user equipment For example, it is 
: desirable for an end-user to be able to purchase a new Ethernet adapter wRhout 
^operator Intervention. In order to provide this fleKlbiliiy, and at the same time 
>5avoid any potential MAC addressing spoofing threat, the present invention 
^Introduces the use of locally administered unique virtual MAC addresses, 
25 FIG. 7 is a simplified btock diagram of a nelworit architecture illustrating 

San original MAC address domain 71 and a virtual MAC address domain 72. 
• Stations In the original iVlAC- address domain access the network using 
Usymmetric DSL (ADSL) technology. An Access Node 73 maps all original MAC 
j-addresses to appropriate virtual MAC addresses. Thus, for upstream traffic, the 
30. .source MAC address field In the Ethernet frame has a virtual MAC address 
^inserted instead of the original MAC address,, while for downstream traffic, the 
sdestlnatlon MAC addressi field in the Ethernet frahne has the original MAC 
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address inserted instead of the virtual MAC address. Tlierefore, the original 
MAC addresses exist only on the tributary (subscriber) side of tlie Access Node, 
\while virtual MAC addresses exist on the aggregate (networic) side of the Access 
Node. The benefit of this functionality Is that the MAC addresses utilized on the 
5 network side are conlrolliBd solely by the network, and no original MAC 
addresses can "pollute" the networic. This eliminates the MAC address spoofing 
threat because there cannot be two identical MAC addresses In the networic. 

The networic architecture also includes a switch 74, a router/Broadband 
Remote Access Server (BRAS) 75, and a local exchange 76. The router/BRAS 
10 may connect ttie networic to an ejcternal broadband networic 77 such as an 1 1' 
networic or As^oichronous Transfer Mode (ATM) network. The local exchange 
may connect the network to an ejctemal telephone networic 78 such as the Put>iic 
Switched Telephone Networic (PSTN) or an Integrated Sen/ices Digital Networic 
(ISDN). A Public Ethemelt Manager (PEM) 79 controls the virtual MAC address 
15 domain 72, but is not included In the virtual MAC address domain Itself because 
the virtual MAC addresses are not utilized in the management Virtual l-AN 
(VLAN). The networic may also include multiple Access Nodes 73, each of which 
maps original MAC addresses from different sources onto the same Ethemet 
networic while maintaining the uniqueness of each virtual MAC address. 
20 FiG. 8 is an illustration of the layout of an exemplary embodiment of the 

tocallj,' administered, virtual MAC address of FIG. 5, illustrating an exemplary 
Implementalton of the unR specific use field 54. The layout of th© xdrfual MAC 
addresses has; been designed In th© present Invention to provide unique 
addresses and thus to avoid the possibility of tm> identical virtual MAC 
25 addresses being generated by the Access Node 7"3 (FIG. 7). Th© virtual MAC 
address layout reflects tradeoffs- beti'yeen fle?cibility and traceabllity. As shown, 
the two least significant bits 81 of the first octet are assigned the values "1" and 
"0" indicating that the address is a tocally administered unicast address. The 
second least significant bit (LSB) Is set to "1" indicating that the address is a 
30 locally administered address. By setting this bit, the Access Node can 
administer 46 of the 48 bits In the Ethemet MAC address. It must be ensured, 
however, tiiat the virtual MAC address never reaches a publk; networic where 
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i other special locally administered MAC addresses could cause loss of 
' uniqueness. 

' . The six most significant t>its 82 of the first octet are utilized to define a 

I virtual MAC address dbmain. In order to ensure that a particular Access Node 

5 ': generates unique virtual MAC addresses, half of the Access Node MAC address 
V (the last three octets 86) is inserted in the virtual MAC address. The remaining 
, three octets of the Access Node MAC address (i.e., the Organizationally Unique 
;. Identifier (OUI) 31) are not utilized. When installing an Access Node, the PEM 
> 79 should set different virtual MAC domains fbr^ Access Nodes that have the 

10 three last octets of the MAC address in common. In this manner, it is ensured 
i that the virtual MAC addresses stay unique for approximately one billion networl^ 
-'^uhits. It should be noted that- the virtual MAC domain is introduced for the 
•' purpose of ensuring uniqueness of virtual MAC. addresses when equipment or 
• systems from multiple vendors are used in the same Ethernet networlc utilizing 

IS \ locally administered IVIAC addresses. 

\ With the bits described above, the virtual I^C address is always unique if 
I a virtual MAC address fifbm one Access Node is compared to an address 
: generated by another Access Node. To provide furtlier distinction of users within 
a given Access Node, the unit specific use field 54 illustrated in FIG. 5 is divided 
■ 20' f into a number of fields 83-85. To distinguish each user within a given Access 
j Node, four (Line) -bits 83 have been selected to contain the ADSL line number 
i (i.e., either 1-8, 1-10. or 1-12) for each'-user. Each Pemnanent V/irtual Circuit 
■ (PVC) may also be distinguished in the virtuaj iVIAC address, and four (PVC) bits 
\ 84 have been selected to represent.ths PVC. To ensure that the end-user can 

25 use more than one MAC address with a particuiar PVC, a remaining octet 85 Is 

'.i 

fused as an index. Three address octets 88 provide an Access Node-unique 

•■ MAC address. 

It should also be noted that in addition to uniqueness, the various fields in 
the virtual MAC address provide traceability. That is, the location on the networi^ 
30 iiof any user of a virtual MAC address can be precisely detemiined tiirough tine 
\ MAC, domain 82, the line field 83/the PVC field 84, the index field 85, and the 
■ ; Access Node-unique MAC address bits.86. 
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Other types of devices can alsd be used within the network. To ensure 
uniqueness from other network devices, a different MAC domain 52 (FIG. 5) can 
be used to denote each type of device. Altematively, the Unit Specific Use field 
54 can be used to denote the device type. The latter, however, will complicate 

5 the task of backtracking a given virtual MAC number. Additionally, the index field 
85, the PVC field 84, and the Line fieW 83 (FIG. 8) can be used for different 
network purposes. For example, if an Access Node or Ethernet switch with 100 
ports perfonns a mapping such as that performed by the Access Node 73 (FIG. 
7). the PVC and Line fields may be combined to indicate 256 different ports. The 

10 layout of the Unit Specific Use field 54 of the virtual MAC address may be altered 
as needed since the mapping of the virtual MAC addresses into original MAC 
addresses (and vice versa) is controlled solely by the Access Node. 

As villi be recognized by those skilled In the art, the Innovative concepts 
described in the present application can be modified and varied over a wid^ 

15 range of applications. Accordingly, the scope of patented subject matter shouI(| 
not be limited to any of the specific exemplary teachings discussed above, but If 
instead defined by the foltowing claims. 
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: WHAT IS CLAIMEDMS : ' 

.\\ ■ • * ■ • • 

i 1. In an Ethernet network, a method of mapping an original Media Access 
{ Control (MAC) address to a unique locally admirdstered virtual MAC address. 
5 . said method comprising tfie steps iof: 

uBIizIng a first portion of the virtual MAC address to define a domain for 
. ; the address; • . 

. i • utilizing a second portbn of the virtual MAC address to indicate that the 
t address is a locally administered address; . 
10 r utilizing a third portion of the virtual MAC address to indicate a unit- 
• specific use; and 

utilizing a fourth portion of the. A^rtual MAC address to Indicate an 
V organizationally assigned unit-unique MAC address. 

■■ ■ • i .. .-. • 

-15 I2. The method of claim 1. wherein the unique, locally administered virtual 
" [. MAC addressHndudes six octete, and wherein: 

. '. the step of utiit^g a- first portion of the virtual MAC address to define a 
{ domain for the address utilizes the six most significarrt bits of the first octet of the 
Ivirtuai MAC addreKi to define thetiomain; and 
20 'i the step of utilizing a second portion of the virtual MAC address to 
■ Indicate that,the address is a locally adrninlstered address utilizes the second- 
! least significant ,bit of the first octei of the virtual MAC address to indicate that the 
^ address is a locally administered addiress. 

25 ';3. the method of claim 2, wherein the step of utilizing a third portion of the 
. ■ Vvirtuali MAC address to IndicatB the unit-specific use includes uHlizing the second 
* . pand'thiixl octets of the virtual MAC address to indicate the unit-specific use. 

(4. The method of claim 3, wherein tfie step of utilizing the second and third 
30 |octets -of the virtual MAC -address to -indicate the unit-specific use includes 
^utilizing fields within the second and thihd octets to Indicate a line number for 

r - - . 
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each user, a Permanent Virtual Circuit (PVC) for each user, and an Index for 
each virtual MAC address utilized for each PVC. 

5. The method of claim 1, wherein different nodes are assigned different 
5 Onganizationally Unique Identifiers (OUIs), and the step of utilizing a first portion 

of the virtual MAC address to define a MAC domain for the address includes 
defining a different domain for each assigned QUI. 

6. The method of claim 1, wherein the step of utilizing a first portion of the 
10 node's locally administers^d iVlAC address to define a domain includes the steps 

of: 

comparing the unit-unique MAC address against unit-unique MAC 
addresses that are already used in other nodes; and 

if the unit-unique MAC address has already been used in another node, 
1 S defining a new MAC domain for the virtual MAC address. 

7. The method of claim 6, wherein the step of comparing the unit-unique 
MAC address against unit-unique MAC addresses that are already used in other 
nodes includes accessing a MAC address database that stores MAC addresses 

20 for all nodes in the network. 

8* The method of claim 1, wherein the original MAG address is received by 
an address mapping function that maps original MAG addresses fn?m Ethernet 
padcets to one of a plurality of assigned locally adminisiBred viriiual WKO 
25 addresses. 

9. In an Ethernet networicva-system for mapping an original Media Access 
Control (MAC) address to a unique locally administered virtual MAC address, 
said system comprising: 
30 at least one address mapping function that maps original MAC addresses 

to one 9f a plurality of assigned locally administered virtual MAC addresses; 
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means within the mapping functton for ufiliang a first portion of the virtual 
! MAC address to define a domain for the virtual MAC address; 
] means within the mapping function for utilizing a second portion of the 
; virtual MAC address to indicate that the address te a locally administered 
5 j: address; 

K means within the mapping function for utilizing a third portion of the virtual 

'« 

? MAC address to denote a unit-specifjcuse; and 

I means within the mapping function for utilizing a fourth portion of the 
^virtual MAC address to denote aii organizationally assigned unit-unique MAC 
10 j address. 

Ho. The system of claim 9, wtierein the unique locally administered virtual 

V 

{mac address includes six octets, and wherein the firet portion of the virtual MAC 
. (address that is utilized to define the domain is the six most significant bits of the 
15 'firet octet of the virtual MAC address. • 



The system of claim 10, wherein the second portion of the virtual MAG 

address that is utilized to indicate that the address is a locally administered MAC 

address is the. second-least signfficant bit of the firet octet of the virtual MAC 

20 iaddress. 

■ - -t. • '■ 

• 12. The system of claim 11, wherein the third portion of the virtual iVIAG 

Address that is utilized to denote a unit specific us© Includes a second and third 

r t 

6ctet of the virtual MAC address. 
25 ' 

13. The system of daim 9, further comprising: • 

• a MAC address database.that stores unit-unique MAC addresses for all 
nodes in the network; 

\ means for acoessing the MAC address, database and for comparing the 
30 Jnit-unique MAC address against u.nlt;umqii4>MAC addresses that are already 
used In other nodes; and . 
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means within the address mapping function for defining a new domain for 
the original MAC address if the unit-unique MAC address has already been used 
in anotiier node. 



S 14. A method of preventing sul3scrit>er spoofing in an Ethemet network 
comprising the steps of: 

mapping an original l\/ledia Access Control (MAC) address to a locally 
administered virtual MAC address; and 

ensuring the locally administered virtual MAC address is unique by: 
10 utilizing a first portion of the \4rtual IWAG address to define a domain for 

the address; 

utilizing a second portion of the virtual MAC address to indicate that the 
address is a locally administered address; 

utilizing a third portion of the virtual MAC address to indicate a unit: 
15 specific use; and 

utilizing a fourth portion of the virtual MAC address to indicate an 
organizationally assigned unit-unique MAC address. i 

15. An address mapping function adapted to operate in an access node in an 
20 Ethemet networl^, said address mapping function comprising: 

logic adapted to map each original Media Access Control (MAC) address 
to one of a plurality of assigned locally administered virtual MAC address; and 

logic adapted to ensure that each assigned locally administered virtual 
MAG address is unique, said uniquene-ss ensuring logic including: 
25 logic adapted to utilize a first portion of the virtual MAG address to define 

a domain for the virtual MAC address; 
- logic adapted to utilize a second portion -of-the virtual MAC address to 
indicate that the address is a locally administered address; 

logic adapted to utilize a third portion of the virtual MAC address to denote 
30 a unit-specific use; and 

logic adapted to utilize a fourth portion of the virtual MAC address to 
denote an organizationally assigned untt-unique MAC address. 
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I 16. The address mapping functbn of claim 15, further comprising a database 

i 

I function adapted to store all assigned locally administered virtual MAQ 
) addresses. 



•5 < 



I 17. The address mapping function .of claim 15, further comprising a 
i communication function adapted to communicate with an* external database that 
i stores all assigned locally administered virtual MAC addresses. 



IG ^ 18. In an Ethernet network, a method of mapping an original iViedia Access 
* Control {UfiiC} address to a unique locally administered virtual IViAC address. 
i said method comprising the steps of: 



15 



J ; utilizing a first portion of ttie virtual MAC address to define a MAC domain 
! for the address; 

utilizing a second portion of the virtual MAC address to indicate that the 
\ address is a locally administered address; and 

i utilizing a third portion of the virtual MAC address to uniquely identify 
I specific users within each MAC domain. 



20 
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